
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot your computer.

#. Run ComboFix
------------------------------------------------
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open internet browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Chopin

Posted 03 April 2008 - 05:07 AM

Please read my entire post before commencing, and please follow my instructions in the order that they are given. If you don't understand something, don't be afraid to ask!

1. Update Java
------------------------------------------------
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:

Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5...allows end-users to run Java applications".

Click the "Download" button to the right.

Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation and save the file to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.

Click the Remove or Change/Remove button.

Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.

Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.

2. P2P
------------------------------------------------
I see you are using P2P file-transfer programs. Although the programs themselves (e.g. LimeWire, BitComet) are legal, most people are not so nice and use them for illegal purposes. Many of the files these programs download are infected with malware. Due to this, it would be best if you removed any P2P programs from your computer.

3. Submit File for Testing
------------------------------------------------
Please go to this website: Link

Once there, you will see a textbox in the middle of the screen. Copy and paste the following line into the textbox:

C:\WINDOWS\system32\tmp915B1.FOT

Click the large "Send File" button. Your file will be scanned by MANY different antivirus engines, so until the top says Current status: Finished, don't close the window/copy the results! Once the scan is finished, copy and paste the entire table into a reply so it looks like this:

You will receive a prompt asking if you want to remove the files, click YES

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will reboot your computer, click OK.

Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

5. Deckard's System Scanner
------------------------------------------------
Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close ALL open windows before running the scan.

Note: This program will clear your temporary files.

On the first run, Deckard's System Scanner will provide you with two warnings. Press "OK" and allow DSS to scan.

The entire scanning process will take about five minutes, often less.

During the scan you may get warnings about sigcheck.exe trying to access the Internet; please make sure you allow it to do so.

Your antivirus may also warn you about nircmd.exe; please make sure you do not delete nircmd.exe as it will cause DSS to malfunction.

Once the scan is complete, you will get two logfiles - a main.txt (which you see) and an extra.txt (which is minimized). Copy the contents of both into a reply.

On subsequent runs, DSS will only provide a significantly shortened main.txt and not an extra.txt.

-- End of Deckard's System Scanner: finished at 2008-04-03 11:22:16 -------------------------------------------------------------------------------------------------------------------------
DSS EXTRA Log: (see next post for full extra log)

Paste the list of files from the quote box below into the notepad window.

C:\WINDOWS\bovijmxa.dll

Save this as vundofix.vft and Save as type "all files".

Double-click VundoFix.exe to run it.

Drag vundofix.vft onto the listbox (white box) of VundoFix.

Click the "Remove Vundo" button.

You will receive a prompt asking if you want to remove the files, click YES

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will reboot your computer, click OK.

Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

2. Run OTMoveIt2
------------------------------------------------
Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.

Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.

Click the red Moveit! button.

A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

File/Folder C:\WINDOWS\FLEOK not found.
C:\Program Files\Win_Performance\registry_backup moved successfully.
C:\Program Files\Win_Performance\files moved successfully.
C:\Program Files\Win_Performance\extensions moved successfully.
C:\Program Files\Win_Performance moved successfully.
C:\Documents and Settings\All Users\Application Data\Rabio moved successfully.
C:\Program Files\stc moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\MSNSA32.dll NOT unregistered.
C:\WINDOWS\system32\MSNSA32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\msapasrc.dll
C:\WINDOWS\msapasrc.dll NOT unregistered.
C:\WINDOWS\msapasrc.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msa64chk.dll NOT unregistered.
C:\WINDOWS\msa64chk.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\SIPSPI32.dll NOT unregistered.
C:\WINDOWS\system32\SIPSPI32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\shdocpe.dll
C:\WINDOWS\system32\shdocpe.dll NOT unregistered.
C:\WINDOWS\system32\shdocpe.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\shdocpl.dll
C:\WINDOWS\shdocpl.dll NOT unregistered.
C:\WINDOWS\shdocpl.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpe.dll NOT unregistered.
C:\WINDOWS\shdocpe.dll moved successfully.
C:\WINDOWS\ntnut.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\winsb.dll
C:\WINDOWS\winsb.dll NOT unregistered.
C:\WINDOWS\winsb.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\browserad.dll
C:\WINDOWS\browserad.dll NOT unregistered.
C:\WINDOWS\browserad.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\aviwrap32.dll NOT unregistered.
C:\WINDOWS\aviwrap32.dll moved successfully.
C:\Program Files\Sysmnt moved successfully.
LoadLibrary failed for C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\avisynthex32.dll NOT unregistered.
C:\WINDOWS\avisynthex32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\avifile32.dll
C:\WINDOWS\avifile32.dll NOT unregistered.
C:\WINDOWS\avifile32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\autodisc32.dll
C:\WINDOWS\autodisc32.dll NOT unregistered.
C:\WINDOWS\autodisc32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\audiosrv32.dll NOT unregistered.
C:\WINDOWS\audiosrv32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\ati2dvag32.dll NOT unregistered.
C:\WINDOWS\ati2dvag32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvaa32.dll NOT unregistered.
C:\WINDOWS\ati2dvaa32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\changeurl_30.dll NOT unregistered.
C:\WINDOWS\changeurl_30.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\athprxy32.dll
C:\WINDOWS\athprxy32.dll NOT unregistered.
C:\WINDOWS\athprxy32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\asycfilt32.dll NOT unregistered.
C:\WINDOWS\asycfilt32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\asferror32.dll
C:\WINDOWS\asferror32.dll NOT unregistered.
C:\WINDOWS\asferror32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\apphelp32.dll
C:\WINDOWS\apphelp32.dll NOT unregistered.
C:\WINDOWS\apphelp32.dll moved successfully.
C:\WINDOWS\vinsbkpy.exe moved successfully.
C:\WINDOWS\javctudo moved successfully.
C:\Program Files\LimeWire\New Folder moved successfully.
C:\Program Files\LimeWire moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04042008_110002
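A triage pass over a log in the format posted above, as an added example that is not part of the original thread or of OTMoveIt2: it groups entries by outcome and flags any path the log mentions but never reports as moved. The function name, the one-entry-per-line assumption and the last sample path are constructed for illustration.

```python
import re
from datetime import datetime

# Assumes one entry per line; the four entry shapes are the ones in the log above.
ENTRY = re.compile(
    r"^(?:File/Folder (?P<missing>.+) not found\."
    r"|LoadLibrary failed for (?P<load_failed>.+)"
    r"|(?P<not_unregistered>.+) NOT unregistered\."
    r"|(?P<moved>.+) moved successfully\.)$")
FOOTER = re.compile(r"log created on (\d{8}_\d{6})\s*$")  # mmddyyyy_hhmmss

def triage(log_text):
    """Group log entries by outcome; paths compare case-insensitively (Windows)."""
    seen = {"missing": {}, "load_failed": {}, "not_unregistered": {}, "moved": {}}
    created, unparsed = None, []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        footer = FOOTER.search(line)
        if footer:
            created = datetime.strptime(footer.group(1), "%m%d%Y_%H%M%S")
            continue
        entry = ENTRY.match(line)
        if entry is None:
            unparsed.append(line)  # unknown entry shape: read it by hand
            continue
        path = entry.group(entry.lastgroup)
        seen[entry.lastgroup][path.lower()] = path
    moved = seen["moved"]
    flagged = {**seen["load_failed"], **seen["not_unregistered"]}
    return {
        "created": created,
        "moved": sorted(moved.values()),
        "missing": sorted(seen["missing"].values()),
        # Moved, but the tool reported it could not unregister the DLL first.
        "moved_not_unregistered": sorted(
            p for k, p in seen["not_unregistered"].items() if k in moved),
        # Mentioned in the log but never reported as moved.
        "not_moved": sorted(p for k, p in flagged.items() if k not in moved),
        "unparsed": unparsed,
    }

# Entries 1-5 and the footer are copied from the log above; entry 6 is constructed.
SAMPLE = r"""File/Folder C:\WINDOWS\FLEOK not found.
C:\Program Files\stc moved successfully.
LoadLibrary failed for C:\WINDOWS\winsb.dll
C:\WINDOWS\winsb.dll NOT unregistered.
C:\WINDOWS\winsb.dll moved successfully.
C:\WINDOWS\constructed_example.dll NOT unregistered.
OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04042008_110002"""
```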